RFC 7935, "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure", August 2016Source of RFC: sidr (rtg)
Errata ID: 5737
Publication Format(s) : TEXT
Reported By: Alberto Leiva Popper
Date Reported: 2019-05-24
Rejected by: Alvaro Retana
Date Rejected: 2019-07-18
Section 3.1 says:
algorithm (which is an AlgorithmIdentifier type): The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be used in the algorithm field, as specified in Section 5 of [RFC4055]. The value for the associated parameters from that clause MUST also be used for the parameters field.
It should say:
algorithm (which is an AlgorithmIdentifier type): The object identifier for RSA (rsaEncryption) MUST be used for the algorithm field, as specified in Section 3.2 of [RFC3370]. The value for the associated parameters from that clause MUST also be used for the parameters field.
The field described in the paragraph belongs to a public key. The way I understand it, particularly due to the inclusion of a digest, "RSA PKCS #1 v1.5 with SHA-256" (sha256WithRSAEncryption) is not really a public key algorithm identifier; it's a signature algorithm identifier.
(Courtesy of Russ Housley) rsaEncryption also allows the public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.
All existing RPKI readers and writers that I've seen, as well as the global RPKI repository certificates themselves, currently use rsaEncryption as the public key algorithm of subjectPublicKeyInfo. Therefore, this change should also reflect existing practice.
Any changes to normative statements require WG consensus. In this case, rfc7935 has been updated twice. Discussion should happen in the sidrops WG.